I've tried multiple ways to sign a Cloud Storage URL. Keep getting:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '#####' is therefore not allowed access.
The kod should work as I have tested multiple libraries:
from google.cloud import storage
storage_client = storage.Client()
bucket = storage_client.get_bucket(app_identity.get_default_gcs_bucket_name())
latest_blob = None
for blob in bucket.list_blobs():
bn = blob.name
if not latest_blob or bn > latest_blob.name:
latest_blob = blob
signed_url = latest_blob.generate_signed_url(
int(time.time()) + 3600,
method='GET',
content_type="text/csv")
self.redirect(signed_url)
I've think there might be some Cloud-console-settings wizardry needed.
I've granted the service account full access to storage, by IAM and in the bucket. I thought the redirect could be the issue but copy-paste didn't work either; SignatureDoesNotMatch.
It sounds like you have two problems:
It sounds like you trying to use the URL from JavaScript in a web browser. If so, you'll need to set a CORS policy on your objects, as the default is to reject cross-origin requests. Check out https://cloud.google.com/storage/docs/cross-origin for details.
Beyond that, it sounds like your request was also failing when you entered the URL directly, and that you got a SignatureDoesNotMatch exception. I'm guessing the problem is that you are specifying a content_type for a GET request. Clients don't specify a "Content-Type" header when making requests. Try removing it.